Microsoft Antimalware for Azure cloud services and Virtual Machines has been officially released. The service provides real-time protection from the latest threats, on-demand scheduled scanning, and collection of antimalware events to your storage account via Azure Diagnostics, at no additional charge.
Microsoft Antimalware is regarded as a single agent solution built on the same platform as Microsoft Security Essentials [MSE], Microsoft Forefront Endpoint Protection, Microsoft System Center Endpoint Protection, Windows Intune and Windows Defender for Windows 8.0 and higher.
You can deploy protection and monitoring based on the needs of your application workloads, enabling real-time protection and scheduled scanning in addition to malware remediation and protection updates.
By default, the Microsoft Antimalware client and service are installed in a disabled state in all cloud services. On the VM platform, it is available as an optional security extension.
To deploy Microsoft Antimalware for Azure, you need access to the following:
- Microsoft Azure Subscription account
- Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2
- VM Agent
- Microsoft Azure PowerShell SDK Tools
- Azure Storage Account
Microsoft Antimalware is not supported on Windows Server 2008 and Windows Server Technical Preview.
To work with Antimalware, an Azure service administrator should enable it with a default or custom configuration for your Virtual Machines and Cloud Services using one of the following options:
- Virtual Machines – In the Azure Management Portal, under Security Extensions
- Virtual Machines – Using the Visual Studio virtual machines configuration in Server Explorer
- Virtual Machines and Cloud Services – Using the Antimalware service management APIs (SMAPI)
- Virtual Machines and Cloud Services – Using Antimalware PowerShell cmdlets
The Microsoft Antimalware client downloads the latest protection engine and signature definitions from the Internet and loads them on the Azure system. The service writes service-related events to the operating system's event log under the “Microsoft Antimalware” event source.
The following events are recorded:
- Antimalware client health state
- Protection and remediation status
- New and old configuration settings
- Engine updates
- Signature definitions
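To check on a given VM that the agent is actually writing these events, the following added example (not code from Microsoft or the original article) summarizes recent entries from the “Microsoft Antimalware” source. It assumes the events land in the Windows System log; the function name `Get-AntimalwareEventSummary` and the 24-hour window are hypothetical choices.

```powershell
# Added example: summarize events written by the "Microsoft Antimalware"
# event source. Assumes the source logs to the Windows System log.
function Get-AntimalwareEventSummary {
    param(
        [int]$Hours = 24   # look-back window (assumed default)
    )

    # XPath filter: provider name plus a time window in milliseconds.
    $windowMs = [int64]$Hours * 3600 * 1000
    $xpath = "*[System[Provider[@Name='Microsoft Antimalware'] and " +
             "TimeCreated[timediff(@SystemTime) <= $windowMs]]]"

    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    $events = @(Get-WinEvent -LogName System -FilterXPath $xpath -ErrorAction SilentlyContinue)

    if ($events.Count -eq 0) {
        # The client ships disabled by default in cloud services, so a silent
        # source usually means the extension was never enabled or has stopped.
        Write-Warning "No 'Microsoft Antimalware' events in the last $Hours hours."
        return
    }

    # One row per (event ID, level) pair, most frequent first.
    $events |
        Group-Object -Property Id, LevelDisplayName |
        Sort-Object -Property Count -Descending |
        ForEach-Object {
            $latest = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
            [pscustomobject]@{
                EventId  = $latest.Id
                Level    = $latest.LevelDisplayName
                Count    = $_.Count
                LastSeen = $latest.TimeCreated
                # First line of the most recent message, for quick triage.
                Sample   = ("$($latest.Message)" -split "`r?`n")[0]
            }
        }
}

Get-AntimalwareEventSummary -Hours 24 | Format-Table -AutoSize
```

An empty result on a machine that should be protected is itself a finding, since engine and signature updates normally produce entries on their own.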
“You can customize the default antimalware configuration settings as required for your Azure application or service deployment and apply them for the Antimalware deployment scenarios,” said Scott Field, Partner Architect, Security & Compliance R&D, Microsoft.
Microsoft has published a whitepaper on Antimalware, which summarizes the settings available to enable and configure the antimalware service and the supported antimalware deployment scenarios.
Various support options are available if you run into a problem with the Microsoft Antimalware solution for your Azure virtual machines or cloud services.